A New Malware Threat: The Meduza Stealer
A new malware family called “The Meduza Stealer” has recently been identified by the Uptycs Threat Research team. This sophisticated threat targets Windows users with advanced data theft tactics, posing a significant risk to individuals and organizations alike.
Discovery and Capabilities
The Uptycs team discovered the Meduza Stealer while monitoring dark web forums and Telegram channels. According to their findings, this malware, crafted by an actor known as ‘Meduza,’ is designed specifically to target Windows users, and only ten countries are currently spared from its reach.
The primary objective of the Meduza Stealer is to steal data, particularly from browsers. This includes sensitive information such as login credentials, browsing history, bookmarks, and data held by browser extensions such as crypto wallets, password managers, and two-factor authentication (2FA) extensions. Additionally, the malware collects various system-related information from infected devices, such as the system build, CPU specifications, geographical location, and more.
Communication with the Malware Administrator
Uptycs communicated with the administrator of the Meduza Stealer’s infrastructure, who stated that their operations do not involve ransom activities but focus solely on data theft. The malware administrator also indicated that Meduza is actively developed and capable of incorporating new features, making it a highly stealthy cybersecurity threat.
Marketing and Distribution Tactics
The marketing and distribution of the Meduza Stealer are primarily conducted through dark web forums and Telegram channels. The malware is promoted and made available to prospective cybercriminals, with the administrator actively engaging with interested parties to highlight its features and capabilities. Distribution is limited to specific countries to avoid detection in certain regions.
Potential Risks
If left unchecked, the Meduza Stealer can lead to severe consequences, including financial losses and large-scale data breaches for affected individuals and organizations. While no specific attacks have been attributed to Meduza to date, the risks it poses should not be underestimated.
The Uptycs advisory on the Meduza Stealer comes in the wake of findings about another infostealer targeting Windows users, called ThirdEye, shared by FortiGuard Labs.